send() always uses SSL for Authenticated SMTP

Description:
------------
The send() function is always using SSL for Authenticated SMTP
when I did not request SSL.
User Name and Password for mail server available via email
request to brad@infoquick.com.
Test script:
---------------
    $host = "mail.authsmtp.com";
    $port = "25";
    $username = "username";
    $password = "password";
    $smtp = Mail::factory(
        'smtp',
        array (
            'host' => $host,
            'port' => $port,
            'auth' => true,
            'username' => $username,
            'password' => $password,
            'localhost' => 'mail.webhost-o-matic.com',
            'debug' => true
        )
    );
    $mail = $smtp->send($to, $headers, $body);
Expected result:
----------------
I expected the email to be sent using Authenticated SMTP without
SSL.
Actual result:
--------------
505 5.0.0 Message is sent with SSL but SSL is not allowed for this user

http://pear.php.net/bugs/16349
Net_SMTP Bug
Reported by infoquick
2009-06-19T10:21:38+00:00
PHP: 5.2.0 OS: Windows 2003 Package Version:
jon [2010-01-24 21:25] http://pear.php.net/bugs/16349#1264368321
-Status: Feedback
+Status: Closed

This bug has been fixed in SVN.
If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET).
If this was a problem with the pear.php.net website, the change should be live shortly.
Otherwise, the fix will appear in the package's next release.
Thank you for the report and for helping us make PEAR better.
http://svn.php.net/viewvc?view=revision&revision=293944
A new $tls parameter has been added to the auth() method to control whether or not TLS is attempted.
jon [2010-01-17 23:09] http://pear.php.net/bugs/16349#1263769797
-Status: Bogus
+Status: Feedback
-Package: Mail
+Package: Net_SMTP
-Assigned To:
+Assigned To: jon

Yes, this is the behavior of the Net_SMTP package.
It's interesting that the SMTP server is advertising the STARTTLS extension but isn't allowing the user to initiate a TLS session. Do you have any more information about that? Is this a common configuration?
One potential change we could make would be the addition of a $allowTLS (defaults to true) parameter to the auth() method. I don't know how the caller would know if it should be allowed for the current user, but it would allow the caller to disallow TLS attempts in general.
yunosh [2009-09-07 11:37] http://pear.php.net/bugs/16349#1252323432
-Status: Open
+Status: Bogus

Thank you for taking the time to write to us, but this is not a bug.
Correct, this is a Net_SMTP problem.
schmuwi [2009-08-10 21:30] http://pear.php.net/bugs/16349#1249939843
This is a feature/bug in Net_SMTP. The method auth() checks if the server understands STARTTLS and tries to start a TLS connection. See the following code in Net/SMTP.php:

    function auth($uid, $pwd , $method = '')
    {
        /* We can only attempt a TLS connection if we're running PHP 5.1.0 or
         * later, have access to the OpenSSL extension, are connected to an
         * SMTP server which supports the STARTTLS extension, and aren't
         * already connected over a secure (SSL) socket connection. */
        $tls = version_compare(PHP_VERSION, '5.1.0', '>=') && extension_loaded('openssl') &&
               isset($this->_esmtp['STARTTLS']) && strncasecmp($this->host, 'ssl://', 6) != 0;
        if ($tls) {
            if (PEAR::isError($result = $this->_put('STARTTLS'))) {
                return $result;
            }
            if (PEAR::isError($result = $this->_parseResponse(220))) {
                return $result;
            }
            if (PEAR::isError($result = $this->_socket->enableCrypto(true, STREAM_CRYPTO_METHOD_TLS_CLIENT))) {
                return $result;
            } elseif ($result !== true) {
                return PEAR::raiseError('STARTTLS failed');
            }
            /* Send EHLO again to receive the AUTH string from the
             * SMTP server. */
            $this->_negotiate();
        }

You should open a bug for the Net_SMTP package.
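
The upgrade decision in the quoted auth() code, and the on/off switch the fix adds, expressed as three caller policies (an added example, not Net_SMTP code; parseEhlo(), planAuth() and the policy names are hypothetical, and the EHLO replies are constructed). It goes beyond the page by adding a 'require' mode that aborts rather than authenticating in cleartext when STARTTLS is not offered.

```php
<?php
// Added example, not Net_SMTP code; parseEhlo(), planAuth() and the policy
// names are hypothetical. The EHLO replies below are constructed samples.

/** Turn the lines of a 250 EHLO reply into [KEYWORD => arguments]. */
function parseEhlo(array $lines): array
{
    $caps = [];
    foreach (array_slice($lines, 1) as $line) { // line 1 is the greeting
        if (preg_match('/^250[ -](\S+)(?: (.*))?$/', rtrim($line), $m)) {
            $caps[strtoupper($m[1])] = $m[2] ?? '';
        }
    }
    return $caps;
}

/**
 * Decide the step to take before AUTH.
 * Returns 'starttls', 'auth-encrypted', 'auth-cleartext' or 'abort'.
 * 'auth-cleartext' means AUTH PLAIN/LOGIN credentials cross the network
 * base64-encoded only, readable by anyone on the path.
 */
function planAuth(array $caps, string $host, string $policy): string
{
    if (strncasecmp($host, 'ssl://', 6) === 0) {
        return 'auth-encrypted';               // socket is already TLS
    }
    $offered = isset($caps['STARTTLS']);
    switch ($policy) {
        case 'require':       return $offered ? 'starttls' : 'abort';
        case 'opportunistic': return $offered ? 'starttls' : 'auth-cleartext';
        case 'never':         return 'auth-cleartext';
    }
    throw new InvalidArgumentException("unknown policy: $policy");
}

$full = ['250-mail.example.test', '250-STARTTLS', '250-AUTH PLAIN LOGIN', '250 SIZE 10240000'];
// Same reply without the STARTTLS line, as seen when a middlebox removes it.
$stripped = ['250-mail.example.test', '250-AUTH PLAIN LOGIN', '250 SIZE 10240000'];

foreach (['full' => $full, 'stripped' => $stripped] as $name => $reply) {
    foreach (['require', 'opportunistic', 'never'] as $policy) {
        printf("%-8s %-13s -> %s\n", $name, $policy,
            planAuth(parseEhlo($reply), 'mail.example.test', $policy));
    }
}
```

The 'opportunistic' row corresponds to the behavior in the quoted auth() code, and 'never' to a caller that turns the TLS attempt off.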